Exclude ip's from Nginx limit_req zone
Maxim Dounin
mdounin at mdounin.ru
Thu Dec 25 13:12:51 UTC 2014
Hello!
On Wed, Dec 24, 2014 at 02:36:50PM -0500, ASTRAPI wrote:
> Thanks for your reply Maxim Dounin
>
> So something like this ? :
>
> Main nginx conf:
>
> http {
>
> geo $limited {
> default 1;
> 192.168.45.56/32 0;
> 199.27.128.0/21 0;
> 173.245.48.0/20 0;
> 103.21.244.0/22 0;
> 103.22.200.0/22 0;
> 103.31.4.0/22 0;
> 141.101.64.0/18 0;
> 108.162.192.0/18 0;
> 190.93.240.0/20 0;
> 188.114.96.0/20 0;
> 197.234.240.0/22 0;
> 198.41.128.0/17 0;
> 162.158.0.0/15 0;
> 104.16.0.0/12 0;
> }
>
> map $limited $limit {
> 1 $binary_remote_addr;
> 0 "";
> }
>
>
> And this on the domain config? :
>
> server {
>
> limit_req_zone $limit zone=foo:1m rate=10r/m;
> limit_req zone=foo burst=5;
The limit_req_zone can be used only at http{} level, so you'll
have to move it to http{} block, see here for docs:
http://nginx.org/r/limit_req_zone
The limit_req directive can be used at http, server, or location
level. It's up to your specific setup requirements where to use
it. In many cases it's good idea to protect only expensive
resources like proxying to backends.
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list